Documente Academic
Documente Profesional
Documente Cultură
Permission is granted to copy and to distribute this paper provided that no alterations are
made, the paper is distributed in its entirety and copies are distributed at no cost.
1
Geoff Collier (gcollier@eduworks.com) is a senior partner at Eduworks Corporation and has over 20 years of
experience in designing and implementing student administration systems. Harry Piccariello
(harry.piccariello@contentguard.com) is convener of the ISO/IEC JTC1 Working Group on Digital Rights Expression
Languages. Robby Robson (rrobson@eduworks.com) is president of Eduworks Corporation, Chair of the IEEE
Learning Technology Standards Committee and director of the National Digital Science Library Reusable Learning
project.
1 The Digital Rights Management Challenge
In the education community learning content is created and managed in a complex and
changing environment. Institutions and organizations are building digital repositories of
learning objects and other content [25, 28, 30, 31]. These repositories are federating with
each other and are providing widespread access in ways that make it difficult to know who
or how their content and services are being used.
Nor are the processes of creating, delivering and using content simple or linear. Content
goes through a life cycle during which multiple authors may be associated with any piece of
content, and content may be distributed through multiple channels, modified several times,
and used in many different ways for teaching and learning.
These developments require a careful examination of the requirements and methods for
managing intellectual property rights using information and communication technology, in
other words, for Digital Rights Management (DRM2).
DRM is often thought of as the ability to prevent consumers from accessing or distributing
digital content without authorization3. This ‘retail’ view of DRM is based on a model where
content is published by a single source and is ultimately consumed by users who do not
modify the content.
The goal of many content authors in academia is to share their intellectual property as
widely as possible while receiving appropriate attribution whenever and wherever their
works are used. In addition, many repositories and content providers want usage data, for
evaluation purposes as well as for determining costs associated with distribution licenses.
Currently, attribution is enforced by professional norms within the academic community and
usage is typically tracked and reported by distributors (such as bookstores) that have a
direct relation with their content providers (such as publishers). This model does not meet
all the requirements of distributed network environments.
2
In this white paper DRM refers to the management of intellectual property rights using digital methods.
3
For example, the book publisher South-Western [50] defines DRM systems as those that “help protect the
copyright of materials by defining how the content can be used. These rights are determined by the publishers.”
The IT infrastructures of universities provide access control and security within their
organizational confines. These capabilities can be used to enable and control the use of
documents and other files stored and used within these boundaries. However, content
sharing in academia crosses the boundaries of technology environments and organizations
to form highly distributed systems that can span the globe. Content may be distributed to
any number of delivery media, platforms or environments.
Therefore, the technology used to express and enforce the terms and conditions associated
with digital content must be ‘persistent’ in the sense that it must be available whenever and
wherever the content is accessed, distributed or used.
It is not feasible to use ad-hoc or proprietary methods for managing the intellectual
property rights associated with so much content from so many sources. Standardized and
automated methods are needed for expressing, transmitting, interpreting and enforcing
rights. Similarly, a model is needed to assist organizations in analyzing their particular
requirements and formulating or selecting policy and technology solutions.
The next section of this white paper puts forward such a model. It identifies the components
and processes that make up a digital rights management ecosystem in the education
community. The model is intended to provide a structured framework for analyzing DRM
scenarios, requirements, roles and technology options. The output from the model is a
structured analysis of DRM requirements, current and potential solutions, and the
identification of gaps and issues in supporting these requirements.
In Section 3 the model is applied to specific scenarios representative of current reality in the
academic community. The scenarios demonstrate how the model can be used to structure
an analysis of digital rights management, identifying gaps and what is needed to fill those
gaps. Section 4 addresses the process of preparing for automated DRM, walking through the
components of the ecosystem model and pointing out some of the more important issues
raised.
Actors – Rights apply to people and organizations, not to technology. Any implementation
of rights management must identify the key actors and keep them firmly in mind. In our
analysis, these are included as part of the environmental factors.
4
An ecosystem is “a system formed by the interaction of a community of organisms with their physical
environment” [15]. The term is used in this paper to emphasize the need to look at the wider context in which an
institution operates when examining DRM issues.
Tools and Applications – Content is created, distributed, acquired and used via software
that includes authoring tools, content repositories, learning management environments and
personal computing environments. Rights management affects all these tools and
applications.
Rights Management Processes – The model organizes rights management processes into
four major categories: Defining rights, distributing / acquiring rights, enforcing rights, and
tracking usage. These are the processes that must be supported in a DRM ecosystem.
Figure 1
a. Market models
b. The legal and policy context
c. Important actors (organizations and people) and roles
d. Expectations for the management of rights
a. Defined
b. Acquired and distributed
c. Enforced
7. Identify what functionality gaps need to be filled and what approaches are realistic.
The first scenario is a straightforward one in which a college bookstore acquires online
“course packs” from a textbook publisher. The course packs complement and support the
textbook being used for a particular course. Course packs are loaded directly into a campus
Course Management System through which students access them.
Analysis
1. Environmental Factors
b. Legal and Policy Context. As with all scenarios that will be examined, copyright
and other applicable laws form the legal context. Depending on the country or
2. Content Lifecycle
In this scenario the content (course packs) enters the college ecosystem from an
external but controlled source (the publisher). It is distributed via a Course
Management System and is “consumed” by the student. This is simple linear
distribution chain in which no modification of content takes place.
3. Rights
a. Definition of Rights. In this scenario rights are defined through existing law
and through a contract. This works because the publisher and the college
bookstore are trusted partners who negotiate a contract directly with each other.
The course packs are only made available only after a relationship is established
and contracts are in place.
c. Enforcement. There are three places in this scenario where rights might be
enforced.
The publisher might rescind distribution rights if the bookstore does not meet
required terms and conditions.
The Course Management System could enforce rights by denying students
access to the course pack if access is not authorized.
4. Usage Tracking
5. Services Required
Financial and usage tracking services associated with selling text books and course
pack licenses are already in place and being used.
Copy protection requires “rights enabled” software. Some document formats (such
as PDF) can be more easily copy protected than others. Copy protection can be
“hacked,” but the Digital Millennium Copyright Act makes this a federal offense in the
United States.
The rights management required by this scenario is not significantly different than
that required for traditional sales of books or media. The sticky points are:
Copy protection depends on developing technologies that have not been fine-
tuned. Ideally students should be able to legally and conveniently make
backup copies of content accessed through Course Management Systems but
prevented from distributing copies.
A professor has developed a bank of interactive test questions. Funding for the project was
received from the National Science Foundation (NSF) and in return the professor promised
to (a) make the question bank available to any faculty member at any accredited university
or college and (b) report the usage of the test bank to the NSF.
The test bank can be downloaded in the form of an executable file. With some technical
expertise, this file can be used to make questions available on a course Web site or used to
load questions into a Course Management System. The professor makes the executable file
available on her own Web site and also gives a copy to her university’s library, where it
become part of a searchable institutional repository.
Analysis
1. Environmental Factors
b. Legal and Policy Context. Copyright [52] and other applicable laws form the
legal basis for rights management. Although funding for the test bank came from
the NSF, the NSF does not claim any intellectual property rights. Therefore the
rights holder is either the professor or the professor’s institution (or some
combination), depending on the terms of the professor’s employment. In
practice, the professor is either the rights holder or acts as the prime agent for
the rights holder.
Policies (or legislation) about privacy, record keeping etc. could affect rights
management in this scenario. Despite the fact the professor wants to collect data
on the usage and results of her test questions, this data may be confidential.
The professor
Faculty and students at other institutions
The library at the professor’s institution
The National Science Foundation
5
This scenario was proposed by Gerd Kortemeyer as part of an interactive presentation on DRM at the NLII 2004
Annual Meeting, and was analyzed through a role playing process during that presentation. Gerd is the Director of
the Michigan State University Laboratory for Instructional Technology in Education [24].
2. Content Lifecycle.
The question bank was created by the professor in her own personal computing
environment. She distributed it to her own Web site and to the university library.
Faculty members download the associated executable file from her Web site or from
her institution’s repository. The file allows questions to be incorporated into class
Web sites or loaded into a Course Management Systems. Students interact with the
quizzes through these sources.
Some faculty members who use the questions want to make additions and changes.
To do so they must contact the authoring professor for permission and to obtain the
source code for modification.
3. Rights
4. Usage Tracking
The authoring professor wants the usage of questions reported back to her. She may
have to settle for download statistics from her Web site and from her institution’s
library repository, but she would prefer to receive data back from faculty members
who deploy her questions. This requires tracking at the point of consumption,
meaning when students use the quiz questions.
The professor’s Web site and her library repository require authentication and
authorization services to restrict access to the full question set to faculty at
accredited educational institutions. Course Web sites and course management
systems require authentication and authorization to restrict access to students
enrolled in the course and possibly as part of the effort to prevent unauthorized re-
distribution of the quiz questions. Copy and print protection is required as discussed
above.
Regardless of how rights are enforced in this scenario, they need to be expressed so
that faculty members understand the terms of use (e.g. that reporting usage data is
a condition for using the questions). If copy protection is to be implemented by
systems delivering the quiz questions, then those systems must know that the
questions are to be copy protected. The service required is a rights expression
service that expresses rights, terms and conditions in a standardized way.
These gaps illustrate the need for a rights management methodology that associates
rights with content in a way that travels with the content as it is distributed and re-
distributed. Systems that can read, interpret and act upon standard rights
expressions may fill this need, as illustrated by projects like the Australian COLIS
project [4,9].
A Community College history instructor has purchased a set of videos of the PBS series “The
Civil War” by Ken Burns and wishes to make a number of scenes available online so
students in his class can view them while working on a term paper. The community college
has a media server that is capable of streaming digitized extracts of this video to students.
6
This scenario comes from [40].
1. Environmental Factors
a. Market models. The initial purchase by the professor follows a consumer model
where PBS distributes content to the instructor in exchange for payment. The
market model relevant to the class, however, is one where content is provided by
an educational institution in exchange for tuition. Even though PBS has a public
service component, there is a discontinuity in the market models under which the
video was acquired and under which portions are distributed.
b. Legal and Policy Context. The scenario described is precisely the type of
situation envisioned by the TEACH Act7. Prior to enactment of the TEACH Act,
online distribution of “displays and performances” (as a video is called in legal
terminology) was not allowed. The TEACH Act makes this possible, albeit with
numerous restrictions and requirements. In this scenario the Act requires that:
If The Civil War is available in digitized form, the community college must
purchase it. Converting video to streaming media is allowed only if there is no
alternative source of digitized content.
The digitized versions of the scenes from The Civil War must be maintained in
a way that reasonably prevents their use by anyone other than intended
recipients, and that prevents use for any longer than is necessary for the
students to complete their class assignment.
d. Expectations for the management of rights. PBS expects that its intellectual
property will used in accordance with U.S. law [52], including the TEACH act. The
community college administration expects that faculty and staff will follow
institutional policies with regard to intellectual property rights.
7
Technology, Education And Copyright Harmonization Act [40,53].
The Civil War video was produced by PBS and purchased by the instructor. If a
digitized version is available, this digitized copy must be purchased by the
community college. The video will then be loaded to the server by the community
college’s technical staff and viewed by the students who are enrolled in the history
course.
3. Rights
a. Definition of Rights. Rights are defined by PBS at the time the video is
published and sold. However, U.S. Copyright law, in particular the TEACH Act,
also grants certain usage and distribution rights with associated conditions.
Students acquire rights to see the portions of the video when they enroll in the
class, and these rights are distributed by the community college. The rights
distributed to the students are severely restricted and do not include the right to
redistribute content or even to retain content past the end of the period during
which they are authorized to see it.
c. Enforcement. There are numerous points in this scenario where rights need to
be enforced. The original license purchased by the instructor (as part of buying
the video) undoubtedly forbids copying and redistribution. If any technological
protection is used, as might be the case with some newer digital formats, the
Digital Copyright Millennium Act makes it illegal to defeat (or “hack”) the
protection. Even without protection, the community college will be very reluctant
to put a copy on its media server in violation of copyright law: the threat of
litigation sufficiently outweighs the cost of compliance, which in this case may
mean buying a digitized copy. Once the video (or portions of the video) are on
the media server, the TEACH Act requires that access be restricted to students
enrolled in a class that is using it and that it not be made available for any longer
than necessary. These restrictions might be enforced by the media server or by a
course management system (or class Web site) through which the video is
accessed. Downloading, at least in a form that can be retained or distributed,
must also be prevented. Without more sophisticated services that express and
enforce licenses, the most plausible way to do that is to use a format that cannot
be converted to a local copy.
4. Usage Tracking
The community college is not required by law to track usage, but they presumably
may be called upon to demonstrate that content used under the TEACH Act is only
accessible by enrolled students and cannot be downloaded. The community college
may wish to track usage for other reasons, such as generating statistics for internal
budgeting purposes and the instructor may wish to track usage to see how the video
is being used.
The basic TEACH Act requirements can be met with existing technology. However,
there are still gaps. For example, there is very little extant technology that allows a
document to be copied but not distributed or that allows a document to be viewed
only during a specific time period. Moreover, access to resources in Course
Management Systems is generally set up by instructors, adding another
administrative duty to people whose primary job is teaching.
As with the previous scenario, what is needed is a way of associating rights directly
with content and relying on systems (such as Course Management Systems) to
interpret and enforce these rights, rather than programming the rights into the
systems via access control.
A digital library reviews and maintains catalog records of material for K-12 mathematics and
science teaching. The materials come from a variety of sources including
The records maintained by the digital library point to original sources from the material;
with rare exceptions the digital library does not “house” any content itself.
Teachers, students and school districts use the digital library to find professional
development material for teachers and content for students. The content is used in both
purely online and traditional classroom settings. The digital library provides an interface that
permits users to find content based on keywords, subject classifications, grade levels,
articulation with curriculum standards, technical requirements and many other
8
This scenario is a real-life scenario based on issues faced by the Eisenhower National Clearinghouse
(www.enc.org). For an example of an ENC record, see
http://www.enc.org/resources/records/full/0,1240,025708,00.shtm
The digital library employs professional catalogers to review all materials in the library, to
create summary descriptions of the material, and to generate the information needed for
searches. This information is called metadata and it constitutes valuable intellectual
property that the digital library has generated through the application of their resources. If
teachers, parents and students know that a review or classification came from this
particular digital library, they can assume that it is authoritative and accurate.
The digital library would like users to be able to specify terms of use (such as
“no fee”) when searching its catalog, and to see rights information in a
standard structure and format when catalog records are found.
The digital library would like to appropriately protect its own intellectual
property (the metadata records) in order to maintain “branding” and prevent
misuse or misrepresentation of the reviews and metadata it has created.
Analysis
1. Environmental Factors
a. Market models. The content cataloged in the digital library comes from a
variety of sources – commercial, private, publicly funded and academic. These all
use different market models, but the digital library is acting only as a means to
find and evaluate resources. In the scenario as written, the business model (and
therefore the market model) for the digital library itself is not specified, but in
fact it is supported by a combination of federal funds, federal grants and
contracts with state or multi-state educational agencies. The metadata records
created by the digital library can be used by other digital libraries at no fee,
provided that appropriate branding and attribution are retained when these
records are re-used.
b. Legal and Policy Context. The policy of the digital library allows for content of
all types to be cataloged in the library, regardless of the terms of use associated
with that content. The digital library is also subject to reporting requirements
and other policies that result from the method through which it is funded. These,
together with overarching copyright and intellectual property rights laws, form
the context in which the library must operate.
d. Expectations for the management of rights. The digital library expects that
its users will be able to see and interpret the digital rights associated with the
content it catalogs. The digital library does not expect to be involved in enforcing
digital rights on behalf of others, but it does not wish to interfere with rights
2. Content Lifecycle
The digital library provides the “find” function in the content lifecycle and therefore
plays an important role in distribution and acquisition of content. It is also involved
in the authoring and production of content, but only for its own metadata records.
3. Rights
a. Definition of Rights.
Rights for the content cataloged by the digital library are defined externally to
the digital library. Primarily, they are defined when the content is authored or
published. However, the digital library might catalog content from another
digital library or from an online distributor of educational material. In that
case rights might be defined (or expressed) by an organization that is one or
two steps removed from the source of the content.
Rights for the digital library’s catalog records are defined when they are
created and stored in the library.
The digital library would like to interpret and display rights information as part
of its catalog records and would like to permit users to search for resources
with specific rights attributes (e.g. that are cost-free). However, as with the
content it catalogs, the digital library does not want to be involved in the
actual acquisition or distribution of rights.
The digital library would like to properly distribute (and control the
distribution of) rights to its own catalog records. For example, it would like
ensure that they can be widely used but that it receives attribution and usage
data in exchange.
c. Enforcement.
The digital library does not enforce rights for the resources it catalogs.
However, those resources might have associated rights that affect the way in
which the digital library can catalog them. For example the associated terms
of use may forbid “deep linking.9”
The digital library would like attribution and usage rights for its own
intellectual property (its catalog records) to be enforced when they are
accessed, either directly or through a different digital library that has
“harvested” the records.
4. Usage Tracking
Usage tracking is desirable so the digital library can analyze and report on usage and
impact as part of its justification for continued public funding.
9
See http://fairuse.stanford.edu/Copyright_and_Fair_Use_Overview/chapter6/6-c.html for a discussion.
The digital library needs a service that will allow it and its users to display and
interpret rights associated with content that comes through a variety of channels.
Another required service is one that permits the digital library to uniquely identify
objects (to avoid duplication in its catalog) and that ensures that links are up-to-date
and function properly (so that users can access the content described in catalog).
These services are often combined and called “persistent unique identifiers.”
The digital library also desires a usage tracking service that will return data even
when its catalog records have been accessed through a source that is several steps
removed. For example, a catalog record from the digital library in the scenario might
be harvested by a second digital library that maintains a catalog of educational
mathematical resources. A school district might then find the record through this
second digital library and place it in a resource section of its Web site. When a
teacher uses the district’s version of the catalog to retrieve content for classroom
use, the desired tracking service would report this back to the digital library that
originally created the record.
In practice, the services do not exist today to support DRM in the distributed digital
library ecosystem described above.
Standards and technology are emerging for persistent unique identifiers based on
registries and handle systems [11,19,20, and 32] and for rights expressions that can
be read by humans and processed automatically by computers [21, 33, 54].
Persistent unique identifiers are needed for tracking and reporting and standardized
rights expressions are needed to manage rights across distributed and federated
networks of information sources.
A DRM ecosystem for education operates within a particular set of environmental conditions,
composed of the law, policy, practice, market mechanisms, organizations, people with roles,
and expectations of the education community. Recognizing and understanding these is the
first step in a successful DRM implementation.
DRM, often equated with content protection, has a reputation as serving the publishers and
vendors of content. In fact, it can and should serve a more diverse audience and it is of
paramount importance to identify the real customer(s) in any DRM implementation. This can
be complex and can lead to conflicting goals and measures of success, but it is necessary to
acknowledge and face this complexity.
Law
Copyright law grants creators of an original work certain rights to their creations. These
laws, which vary from country to country, establish the legal requirements and boundaries
within which the education community must operate. Laws can both support and inhibit the
management of intellectual property, but they cannot be ignored.
Before a community can implement a rights management ecosystem, it must identify and
agree upon the underlying market and intellectual property management models that will be
in play. Market models might include retail and wholesale models, public funding models,
free distributions models, and federations and cartels. Property management models might
include centralized and decentralized control and client / server, distributed networks, and
peer-to-peer networks. Each model and management approach has commensurate rights
management and tracking requirements.
Before selecting technology and services, a community must consider which specific rights,
permissions and conditions will be supported by an automated ecosystem. Examples of
specific rights are the right to: copy; print; modify; distribute; and use for commercial
purposes.
The community must also agree on the conditions that can be imposed and enforced by the
ecosystem in order to access these rights. Conditions can include things such as: payment
required; limitations on the number of times a work can be copied, read, printed or
redistributed; limitations on the time frame during which the rights can be exercised; and
specifying the attribution required if the work is quoted or re-used in any way.
DRM will be of the most value in an environment where there are simple, small and frequent
transactions involving the use or exchange of intellectual property. If the transactions are
infrequent then automation is not cost effective. If the transactions are overly complex,
then automation may not be feasible. If the transactions are more suitably handled via
traditional negotiations and contracts, then automation is not called for. Not all types of
rights transactions are appropriate for automation.
As pointed out in the scenarios in the previous section, technology-based DRM is needed but
the technology is in a nascent state. An approach based on identifying one or two key
problems and trying to solve them with the best technology available is more likely to
succeed than either doing nothing while waiting for the technology to mature or
implementing everything in an attempt to solve all problems at once.
Digital rights management occurs in the larger context of content management. In making
decisions concerning rights management, it is important to determine how content is
managed and, in particular, which aspects of content management are relevant.
The following is a basic model of content management that can be used for this purpose.
More complete models of content life cycles and content management may be found in the
books and articles referenced at the end of this white paper. [3, 7, 9, 23, 44, 45]
Create
Author Create new content, from scratch or Rights are defined when content is
by modifying existing material created. Licensing policies and
Assemble Bring together works from one or supporting technology should be
more sources and assemble them into considered.
a coherent learning module.
Offer
Publish Prepare and issue content for public Rights should be published, cataloged
(or institutional) distribution. and distributed together with content.
Catalog Classify and record attributes of This may require preservation and
content. expression of rights data.
Distribute Distribute content to the targeted
users.
Acquire
Find Search for content and discover Rights information can be used as a
content that meets the search criteria. search criterion and rights must be
Acquire Acquire access to the content in the acquired before content can be used.
format needed to support the desired
use.
Use
Use Display, interact with and otherwise Rights determine whether and how
use content content may be used. Rights may be
enforced when content is used.
Figure 2
The content life cycle is supported by software that falls into several product categories.
Rights management capability must be built into or work in concert with this software if
rights management is to be automated. It is therefore important for decision makers to
understand the various product categories and what the software provides10. This section
provides an overview of these tools.
10
Brandon-Hall publishes regular reports comparing features and functionality of products in various categories.
The executive summaries (usually available for free from [1]) provide definitions and explanations of various
e-Learning product categories. [5] and [26] also contains information of this type.
Authoring tools are used to create and modify content. They include general purpose
content authoring tools (such as Microsoft’s Word and PowerPoint, and Macromedia’s
Authorware, Dreamweaver and Flash), tools designed specifically for authoring learning
content (e.g. Trivantis Lectora, Toolbook, and ReadyGo), and tools for authoring online tests
(such as QuestionMark Perception).
Assembly tools are used to aggregate multiple pieces of content into meaningful learning
experiences with appropriate navigation paths between content objects. Content can be
assembled using an authoring tool or within a learning content management system or a
course management system.
Rights management begins in the authoring process. This is one place where rights and
licenses can be assigned to content, e.g. by explicitly defining rights associated with a new
or derived work. Authoring tools must also be able to interpret and potentially enforce
rights, e.g. by preventing existing content from being copied or edited.
Content Repositories
The term “content repository” covers a wide range of systems and services that store,
manage and give access to content and metadata. These include library systems, content
management systems, learning content management systems, digital asset management
systems, e-stores, and Web content management systems. Repositories can have built-in
search technology or rely on public search engines such as Google.
As content moves from author to student, it often passes through one or more content
repositories. If rights management is to be automated, the repositories must preserve,
process and transmit information about rights. Cataloging tools must handle rights
metadata, and interfaces to repositories may be called upon to enforce rights, for example
through a system of authentication and authorization.
Course Management Systems and Virtual Learning Environments are products that
instructors use to assemble online courses with syllabi, reading materials, chat rooms, email
lists, and tests. These products also maintain class lists and authenticate users.
11
“Behind the firewall” means that it is only accessible to authorized users from within an institution’s IT
environment.
The DRM ecosystem model and the scenarios address four distinct aspects of rights
management: defining rights, distributing / acquiring rights, enforcing rights and tracking
usage. This section discusses some concepts, services and standards that are relevant to
the automation of these processes.
Licenses
It seems impractical to expect a real-world DRM ecosystem to deal with complete range of
possible terms, conditions and licenses. It is therefore suggested that a community define a
few standard licenses that meet their needs, as is done by the Creative Commons [8]. This
suffices for most purposes and greatly simplifies implementation and adoption. Without
licenses, users may not be able to modify content for reuse and may not even be able to
use it all12.
Licenses can only be granted by the owner or rights holder of a copyrighted work, but this
can occur directly or indirectly. Every time content changes hands, a new license is needed
to express the rights of the recipient. As the content is passed along, new sets of conditions
and permissions may come into play. For example, a publisher might attach a license to a
course pack for use on a PC that grants a school district the right to distribute the course
12
See the NSDL Reusable Learning Project Web site [42] for a discussion.
A rights expression is a machine (and human) readable expression of what can be done with
content under what conditions. Licenses can be written using rights expressions. A rights
expression language is a grammar and vocabulary for expressing rights in a standardized
format13. Standardization is needed so that different components of an ecosystem can
communicate and uniformly interpret rights. The most widely recognized rights expression
languages14 are the MPEG-REL (Moving Pictures Expert Group – Rights Expression
Language) [21] and ODRL (Open Digital Rights Language) [33].
Persistence
Persistent is not the same as constant. Different rights apply to different users, so different
usage licenses may be granted to different students in compliance with the same
distribution license. For example, a graduate student acting as an instructor may be granted
the right to annotate and re-distribute content, whereas a student enrolled in a class may
not be. Persistence includes the concept that rights can be defined, distributed and acquired
as content moves through an ecosystem.
In the learning technology world “tracking” refers to the ability of a delivery system such as
a learning management system or course management system to record data on test scores
and time spent in an activity. Standards such as SCORM [1] enable data of this form to be
communicated between content and a delivery system in a way that is initiated and
controlled by the content rather than by the system. This is necessary if the same content is
to run and exhibit the same behavior on multiple systems.
Encryption
Encryption is the process of encoding data so that only an intended recipient can read it.
Encryption plays a role in authentication and in data protection, both of which are used in
DRM.
13
The grammar may be considered as separate from the vocabulary. For example, in the MPEG REL standard, the
vocabulary is encoded in a rights data dictionary.
14
Educational requirements for Rights Expression Languages have been developed by the IEEE Learning
Technology Standards committee and mapped to MPEG-REL and ODRL [17]. An extension to the MPEG-REL, based
on this work, is being developed by an ISO committee [46].
Single sign on does not solve the problem of authenticating when accessing external
content. Shibboleth [18] addresses this problem by providing a way for one institution to
obtain authority from a trusted partner institution. The Open Knowledge Initiative [34] also
addresses authentication and authorization, providing a standardized way for educational
applications to access institutional services.
This entire approach is sometimes called role-based authorization. The difficulty with it is
that the permissions are associated with users, not with content. Typically, access is the
only permission that is effectively managed through role-based authorization and even that
involves placing content into a particular area of a repository or associating with a particular
course within a learning management environment. Role-based authorization has difficulty
addressing distribution rights, attribution requirements, and copy protection. It also requires
human intervention to put content in the appropriate location as it moves from one part of
an ecosystem to the next. A lot can be done with role-based authorization, but its
limitations should be recognized.
Persistence throughout and across ecosystems depends in part on the ability to uniquely
identify content. Several systems have been proposed for this, many of which involve
handles and registries. A registry is a single, stable location that stores information on
content, including the location from which it can be accessed. A handle is a pointer to a
registry that includes an identifier provided by the registry for a registered piece of content.
This system provides identifiers that are more dependable than direct pointers to content,
i.e. than URL’s. If content providers use a registry, it also provides a means to resolve
redundant references. Registries can potentially associate metadata with content, including
rights metadata.
A number of persistent unique identifier initiatives are underway. The most widely known is
the Digital Object Identifier system [11, 47, 48]. The Advanced Distributed Learning
initiative has plans to create registry systems for learning objects [22].
A license registry is a place where licenses may be registered, permanently stored and
readily accessed. A license registry could be used to associate licenses with content. The
Creative Commons [8] offers an example. Any user can register creative commons licenses
on the site. License registries are another means to associate rights to content in a
persistent fashion.
In the corporate world, learning management systems integrate with financial systems,
human resources systems, and other “enterprise systems” to manage access to content
based on departmental charge-backs, user fees, manager permissions and other factors.
The market models that underlie a DRM ecosystem can necessitate using these types of
services in the educational world as well.
5 Conclusion
Digital rights management – the management of intellectual property rights through using
digital technology - is needed for the development of the knowledge economy in education
[29, 41]. It is needed to promote knowledge sharing as much as it is to protect content
from unauthorized use.
The ecosystem model presented in this white paper provides a structure for clarifying DRM
requirements, identifying what technology is involved and what gaps still exist. Applying the
model is a valuable first step in understanding the challenges and opportunities faced by
any institution or organization contemplating a DRM implementation.
As one starts to apply the model, several things become apparent. First, rights management
can be very complex. Second, existing frameworks for digital rights management –
primarily using “role-based authorization” – have limitations, particularly in a distributed
network environment. This supports a movement towards “persistent” methods that
associate identifiers, rights and conditions directly to content. Third, the standards and
services required to implement persistent methods and to apply DRM to market models
other than a retail model are just starting to emerge. This presents implementers with the
dilemma of deciding what can be done in the real world today while managing the risks
associated with a changing environment.
DRM is a huge and complex subject that this white paper has attempted to consolidate into
a simple ecosystem model. But every box and arrow in the model presented in Figure 1 is
worthy of at least a chapter, if not a book, of its own. The references that follow include
books, articles, and Web sites that allow the subject to be explored more fully.
3. Byrne, T. (2002). “The CMS Report”, CMS Works Inc., 3rd Edition, Autumn 2002.
4. COLIS (2004). Collaborative Online Learning and Information Services. Web site.
http://www.colis.mq.edu.au.
7. Cope, Bill and Freeman, Robin editors (2001). Digital Rights, Management and Content
Development, Common Ground Publishing, 2001
11. DOI (2004). The Digital Object Identifier System. Web site. http://www.doi.org
12. Downes, Mourad, Piccariello & Robson (2003) “DRM in E-learning: Problem Statement
and Terms of Reference”, E-learn 2003 Proceedings.
www.eduworks.com/Documents/DRM in E-Learning.pdf
14. Hulme, George (2003). “Who Needs to Know?” Information Week, June 9, 2003
www.informationweek.com/story/showArticle.jhtml?articleID=10300293
16. Iannella, Renato (2001). “Digital Rights Management (DRM) Architectures” D-Lib
Magazine, June 2001, Volume 7 Number 6.
http://www.dlib.org/dlib/june01/iannella/06iannella.html
17. IEEE LTSC (2004). IEEE Learning Technology Standards Committee. Web Site.
http://ltsc.ieee.org.
19. ISBN (2004). International Standard Book Number. Web site. http://www.isbn.org
20. ISSN (2004). International Standard Serial Number. Web site. http://www.issn.org
22. Kraan, W. (2004). ADL to Make a “Repository SCORM.” Centre for Educational
Technology Interoperability Standards.
http://www.cetis.ac.uk/content2/20040219153041
23. Jennings, Tim (2002). “Defining the Document and Content Management Ecosystem,”
Butler Direct Limited, September 2002
24. LITE. (2004). Michigan State University Laboratory for Instructional Technology in
Education. Web site. http://www.lite.msu.edu
26. Masie Center (2002). ”Making Sense of Learning Specifications and Standards.” Second
edition, March 2002. http://www.masie.com/standards/S3_Guide.pdf.
27. McCullagh, Adrian and Caelli, William (2000). “Non-Repudiation in the Digital
Environment”, First Monday, volume 5, number 8, August 2000.
http://www.firstmonday.dk/issues/issue5_8/mccullagh/
28. NLII (2004). Educause National Learning Infrastructure Initiative, Learning Objects (NLII
2002–2003 Key Theme). Many references given.
http://www.educause.edu/nlii/keythemes/learningObjects.asp.
29. Norris, Mason, Robson, Lefrere & Collier. (2003). A Revolution in Knowledge Sharing.
Educause Review, September/October 2003, 38 (5), 14 – 26.
30. NSDL (2004). National Science Digital Library. Web site. http://www.nsdl.org
32. OCLC (2004). Persistent Uniform Resource Locator. Online Computer Library Center.
Web site. http://purl.oclc.org
33. ODRL (2004). Open Digital Rights Language Initiative. Web site. http://www.odrl.net
34. OKI (2004). The Open Knowledge Initiative. Web site. http://web.mit.edu/oki.
38. Robson, R. (2002). “The ‘Rights’ Stuff”, Techlearn presentation, November 2002
40. Robson, R. (2003). “The Teach Act and the MPEG Rights Expression Language”,
Eduworks, 2003 - http://www.xrml.org/reference/TEACH_REL_WP.pdf
41. Robson, Norris, Lefrere, Collier, & Mason. (2003) Share and Share Alike: The E-
Knowledge Transformation Comes to Campus. Educause Review, September/October
2003. Online only. http://www.educause.edu/ir/library/pdf/erm0351.pdf
42. Robson, Muramatsu & Collier (2004). The Reusable Learning Project. Web site.
http://www.resuablelearning.org.
43. Rosenblatt, Bill (1997). "The Digital Object Identifier: Solving the Dilemma of Copyright
Protection Online," in the Journal of Electronic Publishing (University of Michigan Press),
volume 3, issue 2, December 1997
44. Rosenblatt, Bill and Dykstra, Gail (2003). “Integrating Content Management with Digital
Rights Management,” Giantsteps Media Technology Strategies and Dykstra Research,
May 2003
45. Rosenblatt, Trippe and Mooney (2002). Digital Rights Management – Business and
Technology, M & T Books 2002
46. SC36 (2004). ISO/IEC JTC1 SC36 Working Group 4, Web Site.
http://mdlet.jtc1sc36.org/.
47. Scharf, Davida (2002). The DOI is coming: tracking digital information, Information
Outlook Magazine, Sept 2002.
http://www.findarticles.com/cf_dls/m0FWE/9_6/91913053/p1/article.jhtml
48. Slater, Jenny and Barker, Phil (2003). Unique Identifiers for Metadata Records, CETIS
(the Centre for Educational Technology Interoperability Standards, last modified
February 2003. http://metadata.cetis.ac.uk/guides/uids.doc
49. Ternier, Stefaan and Duval, Erik (2003). “Web services for the ARIADNE Knowledge Pool
System” Dept. Computerwetenschappen, Katholieke Universiteit Leuven, November
2003. http://rubens.cs.kuleuven.ac.be:8989/ariadne/CONF2003/papers/TER2003.pdf
51. U.S. Copyright Office (1998). Digital Millennium Copyright Act (Summary).
http://www.copyright.gov/legislation/dmca.pdf
52. U.S. Copyright Office (2001). Copyright Law of the United States, Text Revised as of
July, 2001. http://www.copyright.gov/title17/
54. XRML (2004). Extensible Rights Markup Language. Web site. http://www.xrml.org.